Using Apache2-module proxy_balancer as fallback solution for the backend
My servers are mostly work with a normal load, but sometimes they have stress. In some cases the content application like TYPO3 or TomCat could not handle the mass of requests. So I’ve been searched for a automatic solution to display a busy-Page.
The Apache-Modul mod_proxy_balancer provides a solution for me. It doesn’t matter if the content is on the same machine or hosted on dedicated server(s) in the background. The difference is only the source loopback or some foreign IP addresses.
This modules should be loaded: proxy proxy_balancer proxy_http and if you use SSL to the backend _proxyconnect.
The first step is configure the apache to deliver the busy-page and the balancer-manager over the loopback interface:
<VirtualHost 127.0.0.1:80>
ServerAdmin webmaster@domain.tld
DocumentRoot /srv/busypage/
<Directory />
Options None
AllowOverride None
</Directory>
<Directory /srv/busypage/>
Options None
AllowOverride None
Order allow,deny
allow from all
</Directory>
<Location /balancer-manager>
SetHandler balancer-manager
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Location>
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
ErrorLog /var/log/apache2/error-busypage.log
CustomLog /var/log/apache2/access-busypage.log combined
</VirtualHost>
Now you can setup your frontend apache server. I prefer using SSL and redirect all traffic to the https port.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@domain.tld
ServerName www.domain.tld
ServerAlias name.domain.tld
<Directory />
Options None
AllowOverride None
</Directory>
# SSl keys and chain
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/public.cert
SSLCertificateKeyFile /etc/apache2/ssl/private.key
SSLCertificateChainFile /etc/apache2/ssl/intermediate.cert
# secure the server against BEAST attack on TLS
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH
# proxy configuration
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
# hide some headers
Header unset Server
Header unset X-Powered-By
SetEnv proxy-nokeepalive 1
SetEnv force-proxy-request-1.0 1
Order deny,allow
Allow from all
</Proxy>
# here is the loadbalancer and fallback part
<Proxy balancer://fallback>
BalancerMember http://your.internal.server/ retry=10
# the fallback
BalancerMember http://127.0.0.1:80 status=+H
ProxySet lbmethod=bytraffic
</Proxy>
<Location />
# Commpression
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png)$ no-gzip dont-vary
Header append Vary User-Agent env=!dont-vary
Order allow,deny
allow from all
ProxyPassReverse http://your.internal.server/
ProxyPass balancer://fallback
</Location>
# Logging
LogLevel warn
ErrorLog /var/log/apache2/error-ssl-balancer.log
CustomLog /var/log/apache2/access-ssl-balancer.log sslcombineddeflate
# Caching
<IfModule mod_mem_cache.c>
CacheEnable mem /
MCacheSize 4096
MCacheMaxObjectCount 100
MCacheMinObjectSize 1
MCacheMaxObjectSize 2048
</IfModule>
</VirtualHost>
</IfModule>
That’s all.
Tom